Creating basic security authorizations

To create basic security authorizations, you can use the sample job HBORACF, which contains a minimal set of RACF® commands to create security profiles for the Z Common Data Provider runtime components.

Before you begin

Depending on your requirement, not all the RACF commands in the HBORACF job are required. The HBORACF job has the comments that explain in what situations the RACF commands are required. Follow the customization instructions in the job to tailor the job according to your need. To learn which components are required, see Components of the Z Common Data Provider.

Note: It is highly recommended that your security administrator review the contents of the job HBORACF before running it and make any changes that are needed to be consistent with your installation's security policies.

If your installation uses an external security manager other than RACF, you must provide equivalent commands for your environment.

About this task

The HBORACF job creates the following basic security definitions.
  • The RACF user and group for the Z Common Data Provider started tasks.
  • The started task profiles for the Z Common Data Provider started tasks.
  • The specific security authorizations required for each Z Common Data Provider started task.
In addition, the HBORACF job contains the RACF commands to create security authorizations for:
  • collecting SMF records from an SMF log stream or an SMF in-memory resource
  • collecting z/OS® system log data from the operation log (OPERLOG)
Note:

Procedure

  1. Make a copy of job HBORACF from hlq.SHBOSAMP.
  2. Review and edit the job according to the customization instructions.
  3. Submit HBORACF as a batch job on your z/OS system.
    Important: You must run the job HBORACF with a user ID that has the RACF SPECIAL attribute.

Results

Ensure that the HBORACF job completes with return code 0000.